Thread: Th3H4ck hacked hundreds of VB forums over the last two days.
View Single Post
  #84  
Old 09-18-2013, 12:13 PM
tnedator tnedator is offline
 
Join Date: Aug 2007
Posts: 43
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Paul M View Post
There is no such thing as a "red alert". The ACP news item is there, so clearly you did miss it, and unless you dismissed it, it will still be there. If you dismissed it without reading it then thats your issue.


Whether you can find it does not change the fact an e-mail was sent. It is your responsibility to make sure your e-mail address is up to date, and doesnt filter out vb e-mails.
It is true that an email was sent out, but only AFTER it was too late for so many sites. There was a forum announcement posted on vb.com on 8/27, but no email was sent until 9/3, presumably once it moved from a "potential exploit" that vB was investigating to a case of hundreds or thousands of sites being hacked.

For most of us, we have followed VB installation instructions for many years. This is from the 4.2 read me/install instructions:

Quote:
8. When the installation wizard is complete, it will ask if you want to go to the Admin Control Panel. Before proceeding to the Admin Control Panel, you must delete the 'install/install.php'file from your webserver. You may then enter the control panel and start working on your new vBulletin!
Nothing about deleting the entire directory. Now, if there was enough of a potential exploit to post a vBulletin announcement about deleting the /install directory, there should have been an email on 8/27. Instead, myself, like so many others, got the email AFTER the site was hacked, rather than a week before.
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01141 seconds
  • Memory Usage 1,763KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete